Aaron Colcord & David Favela, FIS Global - Spark Summit East 2017 - #sparksummit - #theCUBE
>> Narrator: Live, from Boston, Massachusetts, this is theCUBE, covering Spark Summit East 2017, brought to you by Databricks. Now, here are your hosts, David Vellante and George Gilbert. >> Back to Boston, everybody, where the city is bracing for a big snowstorm. Still euphoric over the Patriots' big win. Aaron Colcord is here, he's the director of engineering at FIS Global, and he's joined by Dave Favela, who's the director of BI at FIS Global. Gentlemen, welcome to theCUBE. It's good to see you. >> Yeah, thank you. >> Thank you very much. >> Thanks so much for coming on. So Dave, set it up. FIS Global, the company that does a ton of work in financial services that nobody's ever heard of. >> Yeah, absolutely, absolutely. Yeah, we serve and touch virtually every credit union or bank in the United States, and have services that extend globally, and that ranges anywhere from back office services to technology services that we provide by way of mobile banking or online banking. And so, we're a Fortune 500 company with a reach, like I said, throughout the nation and globally. >> So, you're a services company that provides, sort of, end-to-end capabilities for somebody who wants to start a bank, or upgrade their infrastructure? >> Absolutely, yeah. So, whether you're starting a bank or whether you're an existing bank looking to offer some type of technology, whether it's back-end processing services, mobile banking, bill pay, peer-to-peer payments, so, we are considered a FinTech company, and one of the largest FinTech companies there is. >> And Aaron, your role as the director of engineering, maybe talk about that a little bit. 
>> My role is primarily about the mobile data analytics, about creating a product that's able to not only be able to give the basic behavior of our mobile application, but be able to actually dig deeper and create interesting analytics, insights into the data, to give our customers understanding about not only the mobile application, but be able to even, as we're building right now, a use case for being able to take action on that data. >> So, I mean, mobile obviously is sweeping the banking industry by storm, I mean, banks have always been, basically, IT companies, when you think about it, a huge component of IT, but now mobile comes in and, maybe talk a little bit about, sort of the big drivers in the business, and how, you know, mobile is fitting in. >> Absolutely. So, first of all, you see a shift that's happening with the end user: you, David, as a user of mobile banking, right? You probably have gone to the branch maybe once in the last 90 days, but have logged into mobile banking 10 times. So, we've seen anywhere from an eight to nine time shift in usage and engagement on the digital channel, and what that means is, more interactions and more touch points that the bank is getting off of the consumer behavior. And so, what we're trying to do here is turn that into getting to know the customer profile better, so that they could better serve in this digital channel, where there's a lot more interactions occurring. >> Yeah, I mean, you look at the demographic, too. I mean, my kids don't even use cheques. Right, I mean, it's all, everything's done on mobile, Venmo, or whatever, the capabilities they have. So, what's the infrastructure behind that that enables it? I mean, it can't be what it used to be. I mean, probably back-end still is, but what else do you have to create to enable that? 
>> Well, it's been a tremendous amount of transformation on the back-ends over the last ten years, and particularly when we talk about how that interaction has changed, from becoming a more formal experience to becoming a more intimate experience through the mobile client. But, more specifically to the back-end, we have actually implemented Apache Spark as one of our platforms, to actually help transform and move the data faster. Mobile actually creates a tremendous amount of back-end activity, sometimes even more than what we were able to see in other channels. >> Yeah, and if you think about it, if you just kind of step back a little bit, this is about core banking, right, and as you speak to IT systems, and so, if you think about all the transactions that happen on the daily, whether you're in branch, at ATM, on a mobile device, it's processed through a core banking system, and so one of the challenges that, I think, this industry and FinTech is up against is that, you've got all these legacy old systems that have been built that can't compute all this data at a fast enough rate, and so for us, bringing in Aaron, this is about, how do you actually leverage new technology, and take the technical data of the old systems, data schemas and models, and marry the two to provide data, key data that's been generated. >> Dave: Without shutting down the business. >> Without shutting down the business. >> Because that's the hard part. >> Can you elaborate on that, because that's non-trivial. It used to be when banks merged, it could take years for the back-office systems to come together. So now, let's say a bank comes to you, they have their, I don't want to say legacy systems, it's the systems they've built up over time, but they want the more modern capabilities. How do you marry the two? >> Would you take a first stab? >> Well, it is actually a very complicated process, because you always have to try to understand data itself, and how to put those two things together. 
More specifically on the mobile client, because of the way that we are able to think about how data can be transformed and transported, we came up with a very flexible mechanism to allow data to actually be interpreted on the fly, and processed, so that when you talk about two different banks, by transforming it into this type of format, we're able to kind of reinterpret it and process it. >> Would this be, could you think of this as a very, very smart stream processor that, where ETL would be at the most basic layer, and then you're adding meaning to the data so that it shows up to the mobile client in a way that coheres to the user model that the user is experiencing on their device? >> I think that's a really good way of putting it, yeah. I mean, there's a, we like to think of it, I call it a semantic layer, of how you, one, treat ETL as one process, and then you have a semantic layer that you basically transform the bottom bits, so to speak, into components that you can then assemble semantically so that it starts making sense to the end user. >> And to that point, you know, to your integration question, it is very challenging, because you're trying to marry the old with the new, and we'll tease the section for tomorrow in which Aaron will talk about that, but for us, at enterprise grade, it has to be done very cautiously, right? And we're under heavy regulation and compliance and security, and so, it's not about abandoning the old, right? It's trying to figure out, how do we take that, what's been in place and been stable, and then couple it with the new technology that we're introducing. >> Which is interesting conversation, the old versus new, and I look at your title, Dave, and it's got 'BI' in it. I remember I interviewed Christian Chabot, who was then CEO of Tableau, and he's like, "Old, slow, BI", okay, now you guys are here talking about Spark. Spark's all about real-time and speed and memory, and everything else. 
Talk about the transformation in your role as this industry has transformed. >> Yeah, absolutely, so, when we think about business intelligence and creating that intelligence layer, we elected the mobile channel, right? Because we're seeing that most interactions happen there. So for us, an intelligent BI solution is not just, you know, data management and analytics platform. There has to be the fulfillment. You talk a lot about actioning on your data. So for us, it's, if we could actually create, you know, intelligence layer to analytics level, how can we feed marketing solutions with this intelligence to have the full circle and insights back? I believe, the gentlemen, they were talking about the RISE Lab in this morning session. >> Dave: The follow-on to AMP, basically. >> Yeah, exactly. So, there it was all about that feedback loop, right? And so, for us, when we think about BI, the whole loop is from data management to end-to-end marketing solutions, and then back, so that we can serve the mobile customer. >> Well, so, you know, the original promise of the data warehouse was this 365, what you just described, right? And being able to effect business outcomes, and that is now the promise of so-called big data, even though people don't really like that term anymore, so, my question is, is it same wine, new bottle, or is it really transformational? Are we going to live up to that challenge this time around? As practitioners, I'd really love your input on that. >> I think I'd love to expand on that. >> Absolutely. >> Yeah, I mean, I don't think it's, I think it's a whole new bottle and a whole new wine. David here is from wine country, and, there's definitely the, data warehouse introduced the important concepts, of which is a tremendous foundation for us to stand on. You know, you always like to stand on the shoulders of giants. It introduced a concept, but in the case of marrying the new with the old, there's a tremendous extra third dimension, okay? 
So, we have a velocity dimension when we start talking about Apache Spark. We can accelerate it, make it go quick, and we can get that data. There's another aspect there when we start talking about, for example, hey, different banks have different types of way that they like to talk to it, so now we're kind of talking about, there's variation in people's data, and Apache Spark, actually, is able to give that capability to process data that is different than each other, and then being able to marry it, down the pipe, together. And then the additional, what I think is actually making it into a new wine is, when we start talking about data, the traditional mechanism, data warehousing, that 360 view of the customer, they were thinking more of data as in, I like to think of it as, let's count beans, right? Let's just come up with what how many people were doing X, how many were doing this? >> Dave: Accurate reporting, yeah. >> Exactly, and if you think about it, it was driving the business through the rear-view mirror, because all you had to do was base it off of the historical information, and that's how we're going to drive the business. We're going to look in the rear-view mirror, we're going to look at what's been going on, and then we're going to see what's going on. And I think the transformation here is taking technologies and being able to say, how do we put not only predictive analytics inside play, but how do we actually allow the customer to take control and actually move forward? And then, as well, expand those use cases for variation, use that same technology to look for, between the data points, are there more data points that can be actually derived and moved forward on? >> George, I loved that description. You have, in one of your reports, I remember, George had this picture of this boat, and he said, "Oh, imagine trying to drive the boat", and it was looking at the wake (laughs), you know, right? Rather than looking in the rear-view mirror. 
>> But in addition to that, yeah, it's like driving the rear-view mirror, but you also said something interesting about, sort of, I guess the words I used to use were anticipating and influencing the customer. >> Aaron: Exactly. >> Can you talk about how much of that is done offline, like scoring profiles, and how much of that is done in real-time with the customer? >> Go ahead. >> Well, a lot of it still is still being done offline, mostly because, you know, as trying to serve a bank, you have to also be able to serve their immediate needs. So, really, we're evolving to actually build that use case around the real-time. We actually do have the technology already in place. We built the POCs, we built the technology inside, we're being able to move real-time, and we're ready to go there. >> So, what will be the difference? Me as a consumer, how will that change my experience? >> I think that would probably be best for you. >> Yeah, well, just got to step back a little bit, too, because, you know, what we're representing here is the digital channel mobile analytics, right? But, there's other areas within FIS Global that handles real-time payments with real-time analytics, such as a credit card division, right? So, both are happening sort of in parallel right now. For us, from our perspective on the mobile and digital front, the experience and how that's going to change is that, if you were a bank, and as a bank or a credit union you're receiving this behavioral data from our product, you want to be able to offer up better services that meet your consumer profile, right? And so, from our standpoint, we're working with other teams within FIS Global via Spark and Cloud, to essentially get that holistic profile to offer up those services that are more targeted, that are, I think, more meaningful to the consumer when they're in the mobile banking application. 
>> So, does FIS provide that sort of data service, that behavioral service, sort of as a turnkey service, or as a service, or is that something that you sort of teach the bank or the credit union how to fish? >> That's a really good question. We stated our mission statement as helping these institutions, creating a culture of being data-driven, right? So, give them the taste of data in a way that, you know, democratizing data, if you will, as we talked about this morning. >> Dave: Yeah, that's right. >> That concept's really important to us, because with that comes, give FIS more data, right? Send them more data, or have them teach us how to manage all this data, to have a data science experience, where we can go in and play with the data to create our own sub-targeting, because our belief is that, you know, our clients know their customers the best, so we're here to serve them with tools to do that. >> So, I want to come back to the role of Spark. I mean, Hadoop was profound, right, I mean, shipped five megabytes of code, a petabyte a day, no doubt about it. But at the same time, it was a heavy lift. It still is a heavy lift. So talk about the role of Spark in terms of catalyzing that vision that we've been talking about. >> Oh, definitely. So, Apache Spark, when we talk in terms of big data, big data got started with Hadoop, and MapReduce was definitely an interesting concept, but Apache Spark really lifted and accelerates the entire vision of big data. When you look at, for example, MapReduce, you need to go get a team of trained engineers, who are typically going to work in a lower level language like Java, and they no longer focus in on what the business objectives are. They're focusing on the programming objectives, the requirements. With Spark, because it takes a more high-level abstraction of how we process data, it means that you're more focusing on, what's the actual business case? How are we actually abstracting the data? How are we moving data? 
But then it also gives you that same capability to go inside the actual APIs, get a little bit lower, to modify it for what's your specific needs. So, I think the true transformation with Apache Spark is basically allowing us, now, like for example, in the presentation this morning, it was, there's a lot of people who are using Scala. We use Scala, ourselves. There's now a lot of people who are using Python, and everybody's using SQL. How does SQL, something that has survived so robustly for almost 30, 40 years, still keep on coming back like a boomerang on us? And it's because a language composed of four simple keywords is just so easy to use, and so descriptive and declarative, that allows us to actually just concentrate on the business, and I think that's actually the acceleration that Apache Spark actually brings to the business, is being able to just focus in on what you're actually trying to do, and focus in on your objectives, and it actually lowers the actual, that same team of engineers that you're using for MapReduce now become extremely more productive. I mean, when I look at the number of lines of codes that we had to do to figure out machine learning and Hadoop, to the amount of lines that you have to do in Apache Spark, it's tremendously, it's like, five lines in Apache Spark, 30 in MapReduce, and the system just responds and gives it to you a hundred times faster. >> Why Spark, too? 
I mean, Spark, when we saw it two years ago, to your point of this tidal wave of data, we saw more mobile phone adoption, we saw those people that were on mobile banking using it more, logging in more, and then we're seeing the proliferation of devices, right, in IoT, so for us, these are all these interaction and data points that is a tsunami that's coming our way, so that's when we strategically elected to go Spark, so we could handle the volume and compute storage- >> And Aaron, what you just described is, all the attention used to be on just making it work, and now it's putting to work, is really- >> Aaron: Right, exactly. >> You're seeing that in your businesses. >> Quick question. Do you see, now that you have this, sort of, lower and lower latency analytics and ability to access more of the, what previously were data silos, do you see services that are possible that banks couldn't have thought of before, beyond just making different products recommended at the appropriate moment, are there new things that banks can offer? >> It's interesting. On one hand, you free up their time from an analysis standpoint, to where they could actually start to get out of the weeds to think about new products and services, so, from that component, yes. From the standpoint of seeing pattern recognition in the data, and seeing what it can do aside from target marketing, our products are actually often used by our product owners internally to understand, what are the consumers doing on the device, so that they could actually come up with better services to ultimately serve them, aside from marketing solutions. >> Notwithstanding your political affiliations, we won't go there, but there's certainly a mood of, and a trend toward, deregulation, that's presumably good news for the financial services industry. Can you comment on that, or, what's the narrative going on in your customer base? Are they excited about fewer regulations, or is that just all political nonsense? 
Any thoughts? >> Yeah (laughs), you know, on one hand, why people come to FIS is because we do adhere to a compliance and regulation standpoint, right? >> Dave: Complexity is your friend, then (laughs). >> Absolutely, right, so they can trust us in that regard, right? And so, from our vantage point, will it go away entirely? No, absolutely not, right. I think Cloud introduces a whole new layer of complexity, because how do you handle Cloud computing and NPI, and PII data in the Cloud, and our customers look to us to make sure that, first and foremost, security for the end consumer is in place, and so, but I think it's an interesting question, and one that you are seeing end users click through without even viewing agreements or whatnot, they just want to get to product, right? So, you know, will it go away, or do we see it going away? No, but ... >> You guys don't read all that text, do you? (laughing) >> No comment? >> Required, required to. >> You know, no matter where it goes with the politics, I think there's a theme over the last 10 years, and the 10 years before. Things are transforming, things are evolving in ways, and sometimes going extremely, extremely fast in ways that we don't, surely can't anticipate. I think, if we were to think about just a mobile application, or the mobile bank experience 10 years ago, all we wanted was just to be able to see just the bank balance, and now we're able to take that same application and not only see our bank balance, but be able to deposit our cheque, or even replace the card in our pocket completely, with the mobile app, and I think we're going to see the exact same types of transformations over the industry over the next 10 years. Whether or not it's more regulation or different regulation, I think it's going to still speak to the same services, which FIS is there to help deliver. 
>> Yeah, and you're right, there are going to be new regulations, because they'll evolve, maybe out with the old, in with the new, you see, and global regulations are on run book, and you've got your Cloud, there's data locality, and you know, it's never-ending. That's great for your business. Fantastic. >> It comes down to trust, ultimately, right? I mean, they still, our customers still go to banks and credit unions because they trust them with their data, if you will, or their online currency, in some regards. So, you know, that's not going to change. >> Right, yeah. Well, Aaron, Dave, thanks very much for coming to theCUBE, it was great to have you. >> Thanks so much for talking with us. >> Absolutely, good luck with everything. >> Alright, keep it right there, buddy. We'll be back with our next guest. This is theCUBE. We're live from Boston, Spark Summit East, #SparkSummit. Be right back. >> I remember, when I had such a fantastic batting practice-
Bob Pucci, State of Tennessee & Cristina Secrest, EY | UiPath Forward 5
>>theCUBE presents UiPath Forward 5. Brought to you by UiPath. >>Hi everybody. Welcome back to Las Vegas. You're watching theCUBE's coverage of UiPath Forward 5. We reach cruising altitude on day two. Cristina Secrest is here. She's the process, artificial intelligence and automation GPS automation leader at EY. And Bob Pucci is executive director for Intelligent Automation for the state of Tennessee. Folks, welcome to theCUBE. Thank you for Adam. >>Good >>To have you. Okay, I don't know if I messed up that title, Cristina, but it's kind of interesting. You got process, you got AI, you got automation, you got GPS. What's your role? >>I have a lot of roles, so thank you for that. Yeah, so my focus is first and foremost automation. So how do you get things like UiPath into our clients, but also I focus specifically in our government and public sector clients. So SLED specifically. So state, local, education. So that's why I'm here with the state of Tennessee. And then we also like to take it beyond automation. So how do you bring in artificial intelligence and all the technologies that come with that. So really full end to end spectrum of >>Automation. So Bob, when you think about the sort of the, the factors that are driving your organization of, how did you describe that, Those sort of external factors that inform your strategy. What, what's, what are the catalysts for how you determine to deploy technology? >>Well, it was primarily that we know Tennessee has a tendency to provide good customer service, but we want to get to a great status best in class, if you will. And we had an external advisory review where it said, Hey, you know, we could make automation to improve our customer experience. And so that was like a directive of the, the state leaders to go across the board and automate all processes statewide, starting with the 23 executive agencies. >>So where's the focus from that standpoint? 
Is it on just providing better interfaces to your constituents, your customers? Is it cutting costs or you actually have more budget to invest? Kind of a combination of >>Those? Yeah, so it's, it's really both qualitative and quantitative, right? So quantitative is where we're able to reduce hours and therefore we can redirect people to more less mundane work, if you will. And then qualitative is where we're able to reduce the errors, improve data quality, reduce cycle time for our citizens, you know, when they're making requests, et cetera. So it's, I think it's a combination of both of those quantitative and qualitative metrics that we are mandated in, in micromanaged, quite frankly to, to bring, make those >>Numbers. So I'm from Massachusetts, when I go to a a mass.gov website, I say, all this was done in the 1990s and you could just see where the different stovepipes were, were. But then every now and then you'll hit one and you'll say, Wow, okay, this is up to, it's such a great experience. And then the flip side of that is you want your employees to be happy and not have to do all this mundane work so you can retain the best people. You don't have to. So you're living that in, in state and, and local. So where did you start your automation journey? What role did EY play? Let's go. Yeah, >>Sure. So I, I, I think the thought for process automation was probably three or four years ago, but then we started the program about 18 months ago and there was a lot of, let's say behind the scenes work before we could bring EY in, you know, like what resources was I gonna have in, in the state that were gonna help me address all of the agency simultaneously, right? Cuz normally you'll see a project that'll do be more siloed across the state and say, we're gonna do this agency, we're gonna do this division. Well, you have 40 other agencies that are, you know, the momentum is it's just gonna fall, it wayside. 
So how we looked at it was let's blanket it and go across all 23 agencies at the same time, you know, identify common processes that are used across 40 divisions, for example, right? >>So, so what we basically did is we procured the software, you know, did the contracts, and then it was really about, I designed, I'm gonna say a multistream approach where they were, we could run multiple work streams, independent define all the architectures, required dev tests, production, the disaster recovery at the same time in parallel developed the center of excellence, the operation model, the processes, methodologies. And the third one was, let's go out to a few divisions, business administration, health, you know, health, human resources, and be able to do a process inventory to see what was there. And then based on that, there's all this theory of well let's do a proof of concept. Let's do a proof of technology, let's do apply. Well, the bottom line is RPA technology's been around for a long time. It's proven there's nothing to prove. But really what was important to prove before we decided to go, you know, full tilt was, you know, develop a proof of perceived business value. >>Are we gonna bring in the, the business value, the hours and the qualitative metrics that is expected by our executive team, The leadership, we were able to do that, you know, with the help of EY, we built out the prototypes and we got the green light to go forward, got EY to start, and then we just basically went pedal to the metal. We had our foundation already defined. We built up the architecture in less than one to two months. Now, in, in a public sector or private sector, it's just not heard of, right? But we have a tendency with EY's technical team, myself, we look around the, the road around the rock instead, the rock in the road, right? So we ended up coming up with a very unique, very easy to easy to handle architecture that was very scalable. 
And then we were able to hit the ground running and deploy in production by December where head of >>Was EY involved in the whole, you know, dev test production, DR, center of excellence, the, the process inventory or did you bring them in? Did you kind of do that internally then bring EY in for the proof of >>Value? EY was actually awarded the contract for soup to nuts, basically the first phase, which was those four work streams I told you about. And they worked with myself and the state of Tennessee infrastructure architecture teams. We needed to get these things defined and signed off the architecture so we could expedite getting them built out. And then they, and they basically ran all four work streams, you know, the process, inventory, the prototype, the, the proof of perceived business value, the building out the center of excellence, working with myself. And, and this wasn't just us in a, a vacuum, we ended up having to, I mean, I could do the strategy, I could do the technology and I could set the roadmap and all the good stuff, but we had to actually meet with a lot of the state of Tennessee organizations on change management. How do we end up putting this process or an automation in the middle of the, the normal traditional process, right? So there was a lot of interaction there and getting their feedback and then tweaking our operational model based on feedback from the state of Tennessee. So it was all very collective collaborative. I think that would be the keyword is collaborative and then building out everything. So then, and then we ended up going to the next way where they knew so much and we were, we had such a tight timeframe that we continued with EY. 
>>So Christina, Bob mentioned center of excellence a couple of times in the state of Tennessee, but then beyond state of Tennessee, other organizations you've worked with in this space, what's the relationship between center of excellence and this thing we've been hearing about over the last couple of days, the citizen developer has that been, has, has, has that been leveraged in the state of Tennessee? Bob, have you seen that leveraged in other places? Christina? What's that relationship look like? >>Yeah, so we don't leverage that, that model yet we have centralized model and there's reasons for that. So we don't end up having maverick's, runoff runoffs have one off, have, you know, have a a UI path version or down this division or have another RPA tool in another division, right? So then all of a sudden we're, we have a maintenance nightmare. Manageability nightmare. So we basically, you know, I I I negotiate an ELA with UI path, so therefore if anyone wants to go do another automation on another division, or they would basically follow our model, our design, our coe, our quality gates. We we're the gatekeepers to bring into production. >>Got it. Now, yeah. Now Christina, what's your perspective? Because I can imagine Nashville and Memphis might have very different ideas about a lot of things. Yeah. Little Tennessee reference there, but what, what, what about what, what about other places are you, are you seeing the citizen developer leveraged in, in some kinds of places more than others or >>What? Yeah. Yeah. And that's part of, because of the foundation we're building. Yeah. So we laid, you know, when, when Bob talks about the first phase of eight weeks, that was amazingly fast, even in that's ridiculous. Spoke about it to say you're gonna lay these four foundations. I was excited, like, I was like, wow, this, this is a very serious client. They wanna go fast and they wanna get that momentum, but the AUM was laid out so we could propel ourselves. 
So we are at 40 automations right now. We're in the works of creating 80 more automations in this next year. We'll be at 120 really quickly. The AUM is critical. And I will say at a client, I've, I've worked with over 50 clients on automation programs. The way state of Tennessee treats the aom and they abide by it, it is the living document of how you go and go fast. Got it. And the one thing I would say is it's also allowed us to have such immense quality. So I always talk about you put in forward, you put in another 80, we're at 98% uptime on all our automations, meaning they don't go down. And that's because of the AOM we set up. And the natural progression is going to be how do you take it to citizen developer? How do you take it to, we call, you know, process automation plus, >>But methodically, methodically, not just throwing it out at the beginning and, and hoping the chaos >>Works. Exactly. Exactly. And >>The ratio of of bots to automations, is that one to one or you have automation? Oh no, the single bot is doing multiple. So how many bots are you talking about? >>We're doing, Bob, you're gonna answer this better than I will, but the efficiency is amazing. We've been pushing that. >>So our ratio now, cause we have a high density architecture we put in is four bots, excuse me, four processes. The one bot and four bots, The one virtual machine EC two server. Right? So it's four to one, four to one. Now what we're going to get by next summer, we'll do more analysis. We'll probably get the six to one, six to one that's made serious shrinkage of our footprint from a machine, you know, management perspective from 60 down to seven right now we're gonna add the next chunk. We add another 80 automations in FIS gear 24. We're only gonna add two more bot, two more servers. Right? So that's only 10 running like close to 200 bucks. >>And, and is doing this on prem in the cloud? >>No, our, the architecture's fully >>Oh, cloud based >>Ct. Yeah. 
So we use UiPath SaaS model. Yeah. Right. So that handles the orchestrator, the attended bots, all the other tooling you need, Automation Hub, Process Mining, et cetera. And then on the state side in AWS we have, we use unattended bots, cert bots that have to go down into the legacy systems, et cetera. And they're sitting on EC2 instances. >>Was there, was there a security knothole that you had to get through internally? What was that like? >>No, actually we, we, we were in lockstep with the security team on this. I mean, there are some standards and templates and you know, what we had to follow, you know, but they're doing an assessment every single release, they do assessments on little bots, what systems it's activating or are accessing, et cetera. The data, because you have fedra data of FTI data, you know, in the public sector to make sure we're not touching it. >>Do you guys golf? >>I do, yeah. Not Well, yes, >>If you mean I I like golf but not don't golf well, but so you know what, what a mulligan is. If you had a Mulligan right, for the state of Tennessee, what'd you learn? What would you do differently? You know, what are some of the gotchas you see maybe Christina in, in other customers and then maybe specifically state of Tennessee, >>Right? I would say, you know, it is the intangibles. So when we talk about our clients that go fast and go big, like state of Tennessee, it's because that, that we call it phase zero that gets done that Bob did. It's about making sure you've got the sponsorship. So we've got executive sponsorship all the way up. You've got amazing stakeholder engagement. So you're communicating the value of what we're trying to do. And you're, you're showing them the value. 
We have been really focused on the return on investment and we'll talk a little bit about that, but it's how do you make sure that when you do, you know, states are different with those agencies, you have such an opportunity to maximize return on investment if you do it right, because you're not talking about automation in one agency, you're talking it across multiple agencies. We call that the multiplier effect. And that's huge. And if you understand that and how to actually apply that, the value you get is amazing. So I, I don't, I can't say there's a mulligan here, Bob, you may think of some, I know on other clients, if you don't line up your stakeholders and you don't set the expectations early on, you meander and you may get five, six automations in over the year. You know, when I go to clients and say, we're doing 40, we're doing 80, they're like, >>Wow, that's the, but that's the bottom line. Gotcha. Is if you, if you want to have an operational impact and have multiple zeros, you gotta go through that process that you said up front. >>Exactly. A >>Anything you do differently, Bob? >>Well, I I what I do differently, I mean, I think, I mean we, we did get executive sponsorship, you know, and in one area, but we still have to go out to all the 23 agencies and get, and bring awareness and kind of like set the hook to bring 'em in, right? Bring 'em to the, to the, to the lake. Right. And, and I think if, if it was more of a blanket top down, getting every agency to agree to, you know, in investigate automation, it would've been a lot easier. So we're, we're, we're getting it done. We've gone through 13 agencies already and less than a year, all of our releases are sprinkling across multiple agencies. So it's not like a silo. I'll look at that. Everyone at every agency is being impacted. So I think that's great. But I, I think our, our Mueller now is just trying to make sure we have enough backlog to do the next sprints. 
>>Is it, you know, the ROI on these initiatives is, is, is so clear and so fast. Is it self-funding? Is there gain sharing or do you just give business, give money back to the state and have to scramble for more? Do you get to, you know, get a lick off that cone? >>Unfortunately we don't, but I, I, I try to see if we could get some property like, nah, we don't do that. It's all cost, cost based. But, but our ROI is very attractive, I think for, for doing a whole state, you know, transformation. I think our ROI is three and a half to four years. Right. And that's pretty mind blowing. Even if you look at private sector or, I, I think some of the, the key things which people are noticing, even though we're in public sector, we're we are very nimble. This project is extremely nimble. We've had people come in, exactly, we need this, so we're gonna get penalized. Okay, knock it out in four hours, four days. Right? So it's that nimbleness that you just don't hear of even in private sector or public sector. And we're just able to do that for all the collaboration we do across ey, across myself and across all the other organizations that I, that I kind of drag along or what have, >>What do you, what do you, do you see any limits to the opportunities here? I mean, is this a decade long opportunity? Is you have that much runway >>Or that's just not my dna, so we're gonna, we're gonna probably do it like in four years, but Well, when >>You say do it, I mean, will you be done at that point? Or do you see the weight, >>Look at, you know, we could boil the ocean and I think this is one of the reasons why we're successful is we could boil the ocean and and be, it will be 10 attended 20 year program. Yeah. Okay. Or we looked at it, we had some of EY guys look at it and say, I said, what's the 25 80 rule? Meaning, you know, give me, So if we had 500 processes, tell me how many processes will gimme 80% of the hours. And it was 125, it was a 25 80 rule. 
I said, that's what we're doing it, we're doing, we're gonna do the 80% of the hours quantifiably. Now when we're done with that pass, then we'll have those other ones that are bringing 20% of the hours, that's when we might be bringing citizens in. That's what we're bringing state workers in. But at that same time, we will be going back in the wave and doing advanced AI. Right. Or advance IA, in other words. So right now we do RPA, OCR, ICR, but you know, there's NL ml nps, there's virtual agents and stuff. So that's like the wave we're gonna do through the ones we've already gone through. Got it. Right. So it'll probably be a two or three wave or iterations. >>Cool. Guys, thanks so much for coming into theCUBE. Great story. Really appreciate you taking us through it. Thank you so much for having us. You're very welcome. All right, keep it right there. Dave Nicholson. Dave Vellante. We're back at UiPath Forward 5 from the Venetian in Las Vegas. Keep it right there.
Derek Manky and Aamir Lakhani, FortiGuard Labs | CUBE Conversation, August 2020
>> Announcer: From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world. This is a CUBE conversation. >> Hi everyone. Welcome to this CUBE Conversation. I'm John Furrier, host of theCUBE, here in theCUBE's Palo Alto studios during the COVID crisis. We're quarantined with our crew, but we got the remote interviews. Got two great guests here from Fortinet FortiGuard Labs, Derek Manky, Chief Security Insights and global threat alliances at Fortinet FortiGuard Labs. And Aamir Lakhani who's the Lead Researcher for the FortiGuard Labs. You guys, it's great to see you. Derek, good to see you again, Aamir, good to meet you too. >> It's been a while and it happens so fast. >> It just seems was just the other day, Derek, we've done a couple of interviews in between a lot of flow coming out of Fortinet FortiGuard, a lot of action, certainly with COVID everyone's pulled back home, the bad actors taking advantage of the situation. The surface areas increased really is the perfect storm for security in terms of action, bad actors are at an all time high, new threats. Here's going on, take us through what you guys are doing. What's your team makeup look like? What are some of the roles and you guys are seeing on your team and how does that transcend to the market? >> Yeah, sure, absolutely. So you're right. I mean like I was saying earlier that is, this always happens fast and furious. We couldn't do this without a world class team at FortiGuard Labs. So we've grown our team now to over 235 globally. There's different roles within the team. If we look 20 years ago, the roles used to be just very pigeonholed into say antivirus analysis, right? Now we have to account for, when we're looking at threats, we have to look at that growing attack surface. We have to look at where are these threats coming from? How frequently are they hitting? What verticals are they hitting? What regions, what are the particular techniques, tactics, procedures? 
So we have threat. This is the world of threat intelligence, of course, contextualizing that information and it takes different skill sets on the backend. And a lot of people don't really realize the behind the scenes, what's happening. And there's a lot of magic happening, not only from what we talked about before in our last conversation from artificial intelligence and machine learning that we do at FortiGuard Labs and automation, but the people. And so today we want to focus on the people and talk about how on the backend we approached a particular threat, we're going to talk to the word ransom and ransomware, look at how we dissect threats, how we correlate that, how we use tools in terms of threat hunting as an example, and then how we actually take that to that last mile and make it actionable so that customers are protected. I would share that information with key, right, intel sharing partners. But again, it comes down to the people. We never have enough people in the industry, there's a big shortage as we know, but it's a really key critical element. And we've been building these training programs for over a decade with them FortiGuard Labs. So, you know John, this to me is exactly why I always say, and I'm sure Aamir can share this too, that there's never a dull day in the office and all we hear that all the time. But I think today, all of you is really get an idea of why that is because it's very dynamic and on the backend, there's a lot of things that we're doing to get our hands dirty with this. >> You know the old expression startup plan Silicon Valley is if you're in the arena, that's where the action is. And it's different than sitting in the stands, watching the game. You guys are certainly in that arena and you got, we've talked and we cover your, the threat report that comes out frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware, what's going on? 
What's the state of the ransomware situation? Set the stage because that still continues to be a threat. I don't go a week, but I don't read a story about another ransomware. And then at least I hear they paid 10 million in Bitcoin or something like, I mean, this is real, that's a real ongoing threat. What is it? >> The (indistinct) quite a bit. But yeah. So I'll give sort of the 101 and then maybe we can pass it to Aamir who is on the front lines, dealing with this every day. You know if we look at the world of, I mean, first of all, the concept of ransom, obviously you have people that has gone extended way way before cybersecurity in the world of physical crime. So of course, the world's first ransomware virus is actually called PC Cyborg. This is a 1989 ransom payment that was demanded through P.O. Box from the voters Panama city at the time, not too effective on floppies, a very small audience, not a big attack surface. Didn't hear much about it for years. Really, it was around 2010 when we started to see ransomware becoming prolific. And what they did was, what cyber criminals did was shift on success from a fake antivirus software model, which was, popping up a whole bunch of, setting here, your computer's infected with 50 or 60 viruses, pay us, we'll give you an antivirus solution, which was of course fake. People started catching on, the giggles out people caught on to that. So they weren't making a lot of money selling this fraudulent software, enter ransomware. And this is where ransomware, it really started to take hold because it wasn't optional to pay for this software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer the encryption, couldn't decrypt it, by any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw, we've seen things like master boot record, MBR, ransomware. This is persistent. 
It sits before your operating system, when you boot up your computer. So it's hard to get rid of it. Very strong public private key cryptography. So each victim is effective with the direct key, as an example, the list goes on and I'll save that for the demo today, but that's basically, it's just very, it's prolific. We're seeing shuts not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted ransom cases that are going after critical business. Essentially it's like a DoS holding revenue streams go ransom too. So the ransom demands are getting higher because of this as well. So it's complicated. >> Was mentioning Aamir, why don't you weigh in, I mean, 10 million is a lot. And we reported earlier in this month. Garmin was the company that was hacked, IT got completely locked down. They pay 10 million, Garmin makes all those devices. And as we know, this is impact and that's real numbers. I mean, it's not other little ones, but for the most part, it's nuance, it's a pain in the butt to full on business disruption and extortion. Can you explain how it all works before we go to the demo? >> You know, you're absolutely right. It is a big number and a lot of organizations are willing to pay that number, to get their data back. Essentially their organization and their business is at a complete standstill when they don't pay, all their files are inaccessible to them. Ransomware in general, what it does end up from a very basic overview is it basically makes your files not available to you. They're encrypted. They have essentially a passcode on them that you have to have the correct passcode to decode them. A lot of times that's in a form of a program or actually a physical password you have to type in, but you don't get that access to get your files back unless you pay the ransom. A lot of corporations these days, they are not only paying the ransom. They're actually negotiating with the criminals as well. 
They're trying to say, "Oh, you want 10 million? How about 4 million?" Sometimes that goes on as well. But it's something that organizations know that if they didn't have the proper backups and the hackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicated files. So sometimes you don't have a choice, and organizations will pay the ransom. >> And it's, they're smart, there's a business. They know the probability of buy versus build or pay versus rebuild. So they kind of know where to attack. They know that the tactics and it's vulnerable. It's not like just some kiddie script thing going on. This is real sophisticated stuff, it's highly targeted. Can you talk about some use cases there and what goes on with that kind of a attack? >> Absolutely. The cyber criminals are doing reconnaissance and trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. So there's a lot of attacks going on. We usually, what we're finding now is ransomware is sometimes the last stage of an attack. So an attacker may go into an organization. They may already be taking data out of that organization. They may be stealing customer data, PII, which is personal identifiable information, such as social security numbers, or driver's licenses, or credit card information. Once they've done their entire tap. Once they've gone everything, they can. A lot of times their end stage, their last attack is ransomware. And they encrypt all the files on the system and try and motivate the victim to pay as fast as possible and as much as possible as well. >> I was talking to my buddy the other day. It's like casing the joint there, stay, check it out. They do their recon, reconnaissance. They go in identify what's the best move to make, how to extract the most out of the victim in this case, the target. 
And it really is, I mean, it's just to go on a tangent, why don't we have the right to bear our own arms? Why can't we fight back? I mean, at the end of the day, Derek, this is like, who's protecting me? I mean, what to protect my, build my own arms, or does the government help us? I mean, at some point I got a right to bear my own arms here. I mean, this is the whole security paradigm. >> Yeah. So, I mean, there's a couple of things. So first of all, this is exactly why we do a lot of, I was mentioning the skill shortage in cybersecurity professionals as an example. This is why we do a lot of the heavy lifting on the backend. Obviously from a defensive standpoint, you obviously have the red team, blue team aspect. How do you first, there's what is to fight back by being defensive as well, too. And also by, in the world of threat intelligence, one of the ways that we're fighting back is not necessarily by going and hacking the bad guys because that's illegal jurisdictions. But how we can actually find out who these people are, hit them where it hurts, freeze assets, go after money laundering networks. If you follow the cash transactions where it's happening, this is where we actually work with key law enforcement partners, such as Interpol as an example, this is the world of threat intelligence. This is why we're doing a lot of that intelligence work on the backend. So there's other ways to actually go on the offense without necessarily weaponizing it per se, right? Like using, bearing your own arms as you said, there's different forms that people may not be aware of with that. And that actually gets into the world of, if you see attacks happening on your system, how you can use the security tools and collaborate with threat intelligence. >> I think that's the key. I think the key is these new sharing technologies around collective intelligence is going to be a great way to kind of have more of an offensive collective strike. 
But I think fortifying the defense is critical. I mean, that's, there's no other way to do that. >> Absolutely, I mean, we say this almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cybercriminal to operate. And there's many ways to do that, right? You can be a pain to them by having a very rigid, hardened defense. That means if it's too much effort on their end, I mean, they have ROIs and in their sense, right? It's too much effort on there and they're going to go knocking somewhere else. There's also, as I said, things like disruption, so ripping infrastructure offline that cripples them, whack-a-mole, they're going to set up somewhere else. But then also going after people themselves, again, the cash networks, these sorts of things. So it's sort of a holistic approach between- >> It's an arms race, better AI, better cloud scale always helps. You know, it's a ratchet game. Aamir, I want to get into this video. It's a ransomware four minute video. I'd like you to take us through as you the Lead Researcher, take us through this video and explain what we're looking at. Let's roll the video. >> All right. Sure. So what we have here is we have the victim's desktop over here. We have a couple of things on this victim's desktop. We have a batch file, which is essentially going to run the ransomware. We have the payload, which is the code behind the ransomware. And then we have files in this folder. And this is where you would typically find user files in a real world case. This would be like Microsoft or Microsoft Word documents, or your PowerPoint presentations, or we're here we just have a couple of text files that we've set up. We're going to go ahead and run the ransomware. And sometimes attackers, what they do is they disguise this. Like they make it look like an important Word document. They make it look like something else. But once you run the ransomware, you usually get a ransom message. 
And in this case, a ransom message says, your files are encrypted. Please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address. Usually they look a little more complicated, but this is our fake Bitcoin address. But you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as researchers, we see files like this all the time. We see ransomware all the time. So we use a variety of tools, internal tools, custom tools, as well as open source tools. And what you're seeing here is an open source tool. It's called the Cuckoo Sandbox, and it shows us the behavior of the ransomware. What exactly is ransomware doing. In this case, you can see just clicking on that file, launched a couple of different things that launched basically a command executable, a PowerShell. They launched our Windows shell. And then at, then add things on the file. It would basically, you had registry keys, it had on network connections. It changed the disk. So that's kind of gives us a behind the scenes, look at all the processes that's happening on the ransomware. And just that one file itself, like I said, does multiple different things. Now what we want to do as researchers, we want to categorize this ransomware into families. We want to try and determine the actors behind that. So we dump everything we know in a ransomware in the central databases. And then we mine these databases. What we're doing here is we're actually using another tool called Maltego and use custom tools as well as commercial and open source tools. But this is a open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking Maltego to look through our database and say like, do you see any like files? Or do you see any types of incidences that have similar characteristics? 
Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system, because that helps us identify maybe where the ransomware is connecting to, where it's going to other processes that I may be doing. In this case, we can see multiple IP addresses that are connected to it. So we can possibly see multiple infections. We can block different external websites that we can identify a command and control system. We can categorize this to a family, and sometimes we can even categorize this to a threat actor as claimed responsibility for it. So it's essentially visualizing all the connections and the relationship between one file and everything else we have in our database. And this example, of course, I'd put this in multiple ways. We can save these as reports, as PDF type reports or usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets, when we're researching file-based attacks, when we're researching IP reputation, we have a lot of different IOC or indicators of compromise that we can correlate where attacks go through and maybe even detect new types of attacks as well. >> So the bottom line is you got the tools using combination of open source and commercial products to look at the patterns of all ransomware across your observation space. Is that right? >> Exactly. I showed you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic, that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. 
At FortiGuard Labs, the intelligence that we acquire, that product, that product of intelligence it's consumed directly by our prospects. >> So take me through what's actually going on, what it means for the customer. So FortiGuard Labs, you're looking at all the ransomware, you're seeing the patterns, are you guys proactively looking? Is it, you guys are researching, you look at something pops in the radar. I mean, take us through what goes on and then how does that translate into a customer notification or impact? >> So, yeah, John, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be (indistinct) as we look for some of the solutions we talked about before, and if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can see. So you got to get your hands on visibility. We call these IOCs, indicators of compromise. So this is usually something like an actual executable file, like the virus or the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that seed, we call it a seed. We can do threat hunting from there. So we can analyze that, right? If we have to, it's a piece of malware or a botnet, we can do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things. And we really, it's similar to the world of CSI, right? These different dots that they're connecting, we're doing that at hyper-scale. And we use that through these tools that Aamir was talking about. So it's really a lifecycle of getting the malware incoming, seeing it first, analyzing it, and then doing action on that. So it's sort of a three-step process. And the action comes down to what Aamir was saying, waterfall and that to our customers, so that they're protected.
But then in tandem with that, we're also going further and I'm sharing it if applicable to say law enforcement partners, other threat intel sharing partners too. And it's not just humans doing that. So the proactive piece, again, this is where it comes to artificial intelligence, machine learning. There's a lot of cases where we're automatically doing that analysis without humans. So we have AI systems that are analyzing and actually creating protection on its own too. So it's quite interesting that way. >> It says at the end of the day, you want to protect your customers. And so this renders out, if I'm a Fortinet customer across the portfolio, the goal here is protect them from ransomware, right? That's the end game. >> Yeah. And that's a very important thing. When you start talking to these big dollar amounts that we were talking earlier, it comes to the damages that are done from that- >> Yeah, I mean, not only is it good insurance, it's just good to have that fortification. So Derek, I'm going to ask you about the term the last mile, because, we were, before we came on camera, I'm a bandwidth junkie, always want more bandwidth. So the last mile, it used to be a term for last mile to the home where there was telephone lines. Now it's fiber and Wi-Fi, but what does that mean to you guys in security? Does that mean something specific? >> Yeah, absolutely. The easiest way to describe that is actionable. So one of the challenges in the industry is we live in a very noisy industry when it comes to cybersecurity. What I mean by that is that because of that growing attack surface and you have these different attack vectors, you have attacks not only coming in from email, but websites from DoS attacks, there's a lot of volume that's just going to continue to grow is the world that 5G and OT. So what ends up happening is when you look at a lot of security operations centers for customers, as an example, there are, it's very noisy.
It's, you can guarantee almost every day, you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs. And when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually start to say, "Hey, this looks like an attack." I'm going to go investigate it and block it. So this is where the last mile comes in, because a lot of the times that, these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because the reality is if it's just humans doing it, that last mile is often going back to your bandwidth terms. There's too much latency. So how do you reduce that latency? That's where the automation, the AI machine learning comes in to solve that last mile problem to automatically add that protection. It's especially important 'cause you have to be quicker than the attacker. It's an arms race, like you said earlier. >> I think what you guys do with FortiGuard Labs is super important, not only for the industry, but for society at large, as you have kind of all this, shadow, cloak and dagger kind of attack systems, whether it's national security international, or just for mafias and racketeering, and the bad guys. Can you guys take a minute and explain the role of FortiGuards specifically and why you guys exist? I mean, obviously there's a commercial reason you built on the Fortinet that trickles down into the products. That's all good for the customers, I get that. But there's more at the FortiGuards. And just that, could you guys talk about this trend and the security business, because it's very clear that there's a collective sharing culture developing rapidly for societal benefit. Can you take a minute to explain that? >> Yeah, sure. I'll give you my thoughts, Aamir will add some to that too.
So, from my point of view, I mean, there's various functions. So we've just talked about that last mile problem. That's the commercial aspect. We created, through FortiGuard Labs, FortiGuard services that are dynamic and updated to security products because you need intelligence products to be able to protect against intelligent attacks. That's just a defense again, going back to, how can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that we do, but we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity cases to court. And because of that, a lot of these cyber criminals reign free, and that's been a big challenge in the industry. So this has been close to my heart over 10 years, I've been building a lot of these key relationships between private public sector, as an example, but also private sector, things like Cyber Threat Alliance. We're a founding member of the Cyber Threat Alliance. We have over 28 members in that Alliance, and it's about sharing intelligence to level that playing field because attackers roam freely. What I mean by that is there's no jurisdictions for them. Cyber crime has no borders. They can do a million things wrong and they don't care. We do a million things right, one thing wrong and it's a challenge. So there's this big collaboration. That's a big part of why FortiGuard exists too, is to make the industry better, to work on protocols and automation and really fight this together while remaining competitors. I mean, we have competitors out there, of course. And so it comes down to that last mile problems on is like, we can share intelligence within the industry, but it's only intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration.
>> Aamir, what's your take on this societal benefit? Because, I would say, for instance, the Sony hack years ago that, when you have nation states, if they put troops on our soil, the government would respond, but yet virtually they're here and the private sector has to fend for themselves. There's no support. So I think this private public partnership thing is very relevant, I think is ground zero of the future build out of policy because we pay for freedom. Why don't we have cyber freedom if we're going to run a business, where is our help from the government? We pay taxes. So again, if a military showed up, you're not going to see companies fighting the foreign enemy, right? So again, this is a whole new changeover. What's your thought? >> It really is. You have to remember that cyber attacks put everyone on an even playing field, right? I mean, now you don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that. Anyone can basically come up to speed on cyber weapons as long as they have an internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies. But absolutely I think a lot of us, from a personal standpoint, a lot of us have seen research does I've seen organizations fail through cyber attacks. We've seen the frustration, we've seen, like besides organization, we've seen people like, just like grandmas lose their pictures of their other loved ones because they kind of, they've been attacked by ransomware. I think we take it very personally when people like innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But I will add that at least here in the U.S. the federal government actually has a lot of partnerships and a lot of programs to help organizations with cyber attacks.
The US-CERT is always continuously updating organizations about the latest attacks and InfraGard is another organization run by the FBI and a lot of companies like Fortinet. And even a lot of other security companies participate in these organizations. So everyone can come up to speed and everyone can share information. So we all have a fighting chance. >> It's a whole new wave of paradigm. You guys are on the cutting edge. Derek always great to see you, Aamir great to meet you remotely, looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >> Pleasure as always. >> Okay. Keep conversation here. I'm John Furrier, host of theCUBE. Great insightful conversation around security ransomware with a great demo. Check it out from Derek and Aamir from FortiGuard Labs. I'm John Furrier. Thanks for watching.